Android has a big security breach that allows hackers to tamper with apps

On December 9, GuGe revealed an android vulnerability known as the Janus. The vulnerability allows attackers to bypass the android signature mechanism, allowing attackers to tamper with the App, and android 5.0 to 8.0.

Top security experts remind android users to upgrade to the latest version of android and download or update apps on the App's official website. At the same time, it is recommended that the developer upgrade the App installation package to the V2 signature mechanism, or configure the security SDK of the top elephant technology for the App to guard against the threat posed by the vulnerability.

We know that the mobile phone system is mainly android and iPhone iOS, and android is an open source, so its security has always been a problem. So there's no problem with the iPhone? The answer is yes, so it is necessary to use the Iphone system phone jammer.

This is a nuclear bomb level security hole

The "Janus" vulnerability was disclosed in GuGe's security bulletin for android in December, and the research team at GuardSquare, a mobile security company, found the vulnerability number: cve-2017-13156.

This vulnerability is based on the signature and verification mechanism of the android jarsigner mechanism. Signature and check are the key mechanisms of android to ensure that the App is not modified, forged or tampered with. The "Janus" vulnerability allows attackers to bypass android's signature mechanism, causing an attacker to tamper with any App.

Once an attacker has put a copy of the malicious code into a third-party App market such as the android store, it can replace the pro version of the App for public download and update. Netizens after installing these fake App, will not only reveal personal account, password, photos, documents, such as privacy information, mobile phones are more likely to be implanted with a Trojan virus, then or cause cell phones are ROOT, even by remote control.

Because the android system of other security mechanisms are based on the signature and verification, "Janus holes can be said to be" broke through the android whole security mechanism, lead to the fall of the android whole security system. As a result, the vulnerability has been identified by domestic security researchers as a "nuclear bomb" level.

However, the "Janus" vulnerability is only for the android 5.0-8.0 system, which is based on the signature scheme of the signature scheme, and the App is not affected by the Siginature scheme V2 signature mechanism. GuGe's latest version of android has also fixed the bug.

The top image technology releases emergency protection plan

The top tech security expert panxiaobo advises android users:

1. Upgrade to the latest android system as soon as possible;

2. Try to update and download the App on the official website, and do not use third-party android App market update or download App in the short term;

For android developers, panxiaobo recommends:

1. Upgrade the App APK (installation package) to the latest Signature scheme V2 Signature mechanism;

2. Based on the formation of the "janus" vulnerability, the developer needs to verify the start byte of the App APK file to ensure that the App is not tampered with;

3. Use the security SDK provided by the top image technology.

As for the origin, impact and solution of the "janus" vulnerability, the top image technology will be analyzed in detail tomorrow.

The top image technology is the leader of Internet business security, and is committed to creating a zero-risk digital world. It was established in April 2017, and sequoia capital China fund member enterprise. The concept of "Shared security" has become the standard framework for a new generation of security products. By panoramic business security risk control system, non-inductive authentication, virtual machine SDK source protection and security solutions and products, such as giving electrical business, financial, IoT, aviation, such as games, social enterprises provide BAT level business security ability, let the platform and users from while wool, fraud, account theft, the content is malicious grab, systems, and the App cracking risk threat, etc.

Of course, you have another solution, which is that you use a cell phone signal jammer, which is a portable signal interceptor that protects your information and data security.